Lost trust in internet security authorities

These are uncertain times we live in. Economic turmoil, war, earthquakes, and typhoons. But when we lose trust in our authorities and lose confidence in things thought to be certain, our way of life can be disrupted.

At the end of August, attackers broke into DigiNotar, a SSL certificate authority and began issuing fake SSL certificates for multiple sites including Google. The Secure Socket Layer (SSL) protocol was created to ensure secure transactions between web servers and browsers. This was to help end users (browsers) know they are dealing with the right or legitimate web site – to ensure that the web site owners are who they claim to be.

When it comes to trusting an SSL certificate, web browsers rely on authoritative certificate authorities like DigiNotar, that validate the authenticity of a given SSL certificate. Without a valid SSL certificate we can trust, users could be transacting with criminals posing as legitimate websites.

The failure of DigiNotar to effectively remove invalid SSL certificates, after the crime was discovered, endangered the public and confidence in digital transactions and communications. This failure led browser vendors, like Microsoft, to remove DigiNotar from the list of trusted certificate authorities.

“Microsoft has been able to confirm that one digital certificate affects all subdomains of google.com and may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer,” Microsoft warned in an advisory. “As a precautionary measure, Microsoft has removed the DigiNotar root certificate from the Microsoft Certificate Trust List.”

So when trust is lost in authorities, confidence is gone and the end of an establishment or organization can be the result. However, the other side of this story we shouldn’t miss is the resiliency of the ecosystem to rebound. The fraud was identified and remedial actions taken. So as with all things in life, the ride can get bumpy. But we shouldn’t lose confidence in the digital frontier as a way of life.